JP5716741B2 - COMMUNICATION SYSTEM, LOGICAL CHANNEL CONTROL DEVICE, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM - Google Patents

Description

[Description of related applications]
The present invention is based on the priority claim of Japanese patent application: Japanese Patent Application No. 2010-132181 (filed on June 9, 2010), the entire content of which is incorporated herein by reference. Shall.
TECHNICAL FIELD The present invention relates to a communication system, a logical channel control device, a control device, a communication method, and a program. It relates to a method and a program.

  As shown in FIG. 30, a mobile network represented by a mobile phone network includes an E-UTRAN Node-B (eNodeB) X40, a Mobility Management Entity (MME) X41, a Serving Gateway (Serving GW) X42, and a Packet Data Network (42). PDN GW) X43 (see Non-Patent Document 1). The outline will be described below.

  The eNodeB X 40 is a logical channel control device that provides a logical channel to a communication terminal through wireless access called Long Term Evolution (LTE).

  The MME X41 is a control device that manages a plurality of eNodeBs and Serving GWs, and has a function of managing a logical channel called an Evolved Packet System (EPS) bearer for performing handover and packet communication between a communication terminal and the eNodeB. To do.

  Serving GW X42 is a packet transfer apparatus belonging to the geographical area where the communication terminal is located, and has a function of relaying data packets transferred between the eNodeB and the PDN GW.

  The PDN GW X43 is a gateway device for providing access to the Packet Data Network (PDN) 11, generates an EPS bearer for the communication terminal via the Serving GW X42, and accesses the PDN 11 to the communication terminal A function of paying out an IP address for use. Examples of the PDN include an operator network (communication carrier network), an in-company network, a university campus, and a home network.

  In the mobile network of FIG. 30, a series of procedures until the communication terminal X51 connects to the eNodeB X40 and accesses the server X61 in the PDN 11 will be described with reference to FIG.

  When the communication terminal X51 links up with the eNodeB X40, it generates an EPS bearer for accessing the PDN 11. In that case, MME X41 and Serving GW X42 specify PDN11 which communication terminal X51 is going to access using the information called Access Point Name (APN). As a method for obtaining this APN, there are a method in which the communication terminal X51 notifies the communication system, a method of downloading from a subscriber information database called Home Subscriber Server (HSS), which is omitted in FIG. At that time, the PDN GW X43 issues an IP address for accessing the PDN 11 to the communication terminal X51. As described above, when an EPS bearer between the communication terminals X51 to PDN11 is constructed, a plurality of and a series of tunnels are generated between the communication terminals X51 to PDN11. The communication terminal X51 can access the server X61 existing in the PDN 11 through the tunnel constructed in this way.

  As described above, in the technique of Non-Patent Document 1, since the communication terminal generates a tunnel to access the PDN and accesses it, the PDN and the communication terminal use the private IP address, and the address space between the other PDN and the communication terminal is different. Even if there is a collision, each communication can be identified and each PDN access can be provided.

  Non-Patent Document 2 is a specification of a technique called OpenFlow. OpenFlow captures communication as an end-to-end flow and performs path control, failure recovery, load balancing, and optimization on a per-flow basis. The OpenFlow switch that functions as a forwarding node includes a secure channel for communication with the OpenFlow controller, and operates according to a flow table that is appropriately added or rewritten from the OpenFlow controller. In the flow table, a set (processing rule) of a rule (FlowKey; matching key) that matches a packet header, an action (Action) that defines processing contents, and flow statistical information (Stats) is defined for each flow. (See FIG. 32).

  For example, when the OpenFlow switch receives the first packet (first packet), the OpenFlow switch searches the flow table for an entry having a rule (FlowKey) that matches the header information of the received packet. When an entry that matches the received packet is found as a result of the search, the OpenFlow switch performs the processing content described in the action field of the entry on the received packet. On the other hand, if no entry matching the received packet is found as a result of the search, the OpenFlow switch forwards the received packet to the OpenFlow controller via the secure channel, and the source / destination of the received packet. To determine the route of the packet based on the above, receives a processing rule (flow entry) for realizing this, and updates the flow table. As described above, transfer of packets belonging to the flow is realized.

3GPP TS 23.401 ver.9.3.0. “General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access”, [searched March 8, 2010], Internet <http : //www.3gpp.org/ftp/Specs/archive/23_series/23.401/23401-930.zip> "OpenFlow Switch Specification" Version 1.0.0. (Wire Protocol 0x01) [Search on March 8, 2010], Internet <URL: http://www.openflowswitch.org/documents/openflow-spec-v1 .0.0.pdf>

Each disclosure of the above non-patent literature is incorporated herein by reference. The following analysis was made by the present inventors.
However, due to the rapid increase in mobile Internet traffic in recent years, 3GPP has examined a method for transmitting and receiving data packets directly via the Internet from the eNodeB without going through the communication system owned by the mobile operator under the name Selected IP Traffic Offload (SIPTO). Has been. This communication system to which SIPTO is applied is assumed to be realized by providing eNodeB with the functions of Serving GW and PDN GW.

  FIG. 15 is a diagram illustrating a configuration of a communication system in which the technology of Non-Patent Document 2 is applied to the SIPTO. In the example of FIG. 15, the communication system 3 includes a control device 120 corresponding to the above-described OpenFlow controller, flow switches 130 to 132 corresponding to the above-described OpenFlow switch, an eNodeB 140, and an MME 241.

  As will be described in detail later with reference to FIG. 2, the control device 120 manages the network topology based on information collected from the flow switch, refers to the network topology, determines the transfer path of the received packet and the transfer path. In addition to a path / action calculation unit that calculates actions to be realized, a flow entry management unit that generates a flow entry with a timeout value, a communication terminal that manages which port of which flow switch the communication terminal is connected to A position management unit and a flow switch management unit for managing flow switch configuration information and the like are provided, and processing rules (flow entries) are set in the flow switches 130 to 132.

  The flow switches 130 to 132 process received packets based on the processing rule (flow entry) set by the control device 120. Specifically, when the flow switches 130 to 132 receive a packet, the flow switches 130 to 132 search a processing rule (flow entry) having a matching key matching the received packet from a flow table in which the processing rule (flow entry) is stored. Processing (for example, forwarding to a specific port, flooding, header rewriting, discarding, etc.) specified in the action field of the searched processing rule (flow entry) is performed.

  Each time the flow switches 130 to 132 process a packet, they reset the timeout value in the action field of the searched processing rule (flow entry). On the other hand, if a packet matching a certain processing rule (flow entry) is not received and it is determined that a timeout has occurred, the flow switch deletes the corresponding processing rule (flow entry).

  15 is a logical channel control device that provides a logical channel to a communication terminal through wireless access called Long Term Evolution (LTE), and also has the functions of Serving GW X42 and PDN GW X43 shown in FIG. Suppose you are.

  In the communication system 3 having such a configuration, access to PDNs belonging to a plurality of competing private address spaces operates as follows.

  First, as a premise, it is assumed that the PDN 11 and the PDN 12 are private IP networks and the subnets are the same. Further, it is assumed that the same IP address is assigned to the server 161 and the server 162 existing in each PDN.

  When the communication terminal 151 is linked up with the eNodeB 140, the communication terminal 151 generates an EPS bearer for assigning an IP address from an IP address pool managed by the eNodeB 140. At that time, the communication terminal 151 notifies the eNodeB 140 to that effect using the APN.

  When the eNodeB 140 is approved by the MME 241 to generate the EPS bearer, the eNodeB 140 establishes an EPS bearer between the communication terminals 151 to the eNodeB 140. In this communication system 3, since the eNodeB 140 also has the functions of Serving GW and PDN GW, this EPS bearer is terminated at the eNodeB 140.

  Next, the communication terminal 151 transmits a data packet to access the server 161. This data packet reaches the flow switch 130 via the eNodeB 140. When receiving the data packet, the flow switch 130 searches the flow table and searches for a processing rule (flow entry) that matches the received packet. However, since this packet is an unknown packet, there is no corresponding processing rule (flow entry). Therefore, the flow switch 130 buffers the received packet and then transmits a new flow detection notification (Packet-In) to the control device 120. This new flow detection notification includes information (for example, a MAC address, an IP address, a port number (including both a transmission source and a destination)) and a packet reception port identifier necessary for identifying a processing rule (flow entry). .

  Upon receiving the new flow detection notification, the control device 120 attempts to confirm the location of the destination server 161 in order to calculate a packet transfer path from the communication terminal 151 to the server 161. However, the control device 120 uses information for specifying the location. Since the IP address of a certain server 161 is a private IP address, the position cannot be specified only by information obtained from the new flow detection notification.

  In short, a communication system in which the technology of Non-Patent Document 2 is applied to the above SIPTO or the like has a problem that a duplicate packet in the private IP address space cannot be transferred to an appropriate destination. This is because the control device cannot recognize the private IP address space that the communication terminal is trying to access.

  Accordingly, an object of the present invention is to provide a configuration capable of realizing transfer control of duplicate packets in a private IP address space in a configuration having a control device that sets a processing rule in a forwarding node.

  According to a first aspect of the present invention, a control device that sets processing rules in a forwarding node, and a plurality of forwarding nodes that include a packet processing unit that processes received packets based on the set processing rules, And at least one forwarding node among the forwarding nodes operates as a logical channel control device that establishes a logical channel with an external node, and is virtually associated with the logical channel established with the external node. A communication system is provided that generates or deletes port information and notifies the control device, and the control device calculates a packet transfer path using the notified port information.

  According to the second aspect of the present invention, a logical channel is created between the external node and a logical channel manager that creates or deletes a virtual port in association with the constructed logical channel. A logical channel control device is provided that includes a virtual flow switch unit that processes a received packet based on a set processing rule and notifies the control device of creation or deletion of the virtual port.

  According to a third aspect of the present invention, there is provided a control device that calculates a packet transfer route based on network attribute information associated with port information and sets a processing rule for a transfer node on the packet transfer route. Provided.

  According to a fourth aspect of the present invention, a plurality of forwarding nodes including a packet processing unit that is connected to a control device that sets a processing rule in a forwarding node and that processes a received packet based on the set processing rule. At least one of the forwarding nodes operates as a logical channel controller that establishes a logical channel with an external node, and assigns virtual port information to the logical channel established with the external node, Notifying to the control device, and the control device calculates a packet forwarding route using the notified port information, creates a processing rule for realizing the forwarding route, and sets it in the forwarding node And a communication method is provided. Note that this method is linked to a specific machine, which is a computer constituting the logical channel control device and the control device.

  According to a fifth aspect of the present invention, there is provided a program to be executed by a computer constituting a forwarding node that processes a received packet based on a processing rule set by a control device, wherein a logical channel is communicated with a communication terminal. And a program for causing the computer to execute a process of generating or deleting a virtual port in association with the configured logical channel and a process of notifying the path control device of the creation or deletion of the virtual port. Provided. This program can be recorded on a computer-readable storage medium. That is, the present invention can be embodied as a computer program product.

  According to the present invention, duplicate packets in the private IP address space can be identified and transferred as separate flows. The reason is that a forwarding node that operates as a logical channel control device creates or deletes virtual port information in association with a logical channel by a logical channel control device built between the external node and the control device. In addition to the notification, the control device is configured to calculate the packet transfer path based on the port information notified from the transfer node operating as the logical channel control device.

It is a figure for demonstrating the structure of the 1st Embodiment of this invention. It is a block diagram showing the structure of the control apparatus of the 1st Embodiment of this invention. It is an example of the table hold | maintained at the communication terminal location management part of the control apparatus of the 1st Embodiment of this invention. It is an example of the table hold | maintained at the port attribute management part of the control apparatus of the 1st Embodiment of this invention. It is a block diagram showing the structure of the logical channel control apparatus of the 1st Embodiment of this invention. It is an example of the table hold | maintained at the logical channel management part of the logical channel control apparatus of the 1st Embodiment of this invention. It is a sequence diagram which shows operation | movement of the 1st Embodiment of this invention. FIG. 8 is a continuation diagram of FIG. 7. FIG. 9 is a continuation diagram of FIG. 8. FIG. 10 is a continuation diagram of FIG. 9. It is an example of the table hold | maintained at the communication terminal location management part of the control apparatus of the 2nd Embodiment of this invention. It is an example of the table hold | maintained at the port attribute management part of the control apparatus of the 2nd Embodiment of this invention. It is a block diagram showing the structure of the logical channel control apparatus of the 2nd Embodiment of this invention. It is an example of the table hold | maintained at the logical channel management part of the logical channel control apparatus of the 2nd Embodiment of this invention. It is a figure showing the structure of one specific example of this invention. FIG. 16 is a block diagram illustrating a specific configuration of the eNodeB in FIG. 15. It is a sequence diagram which shows operation | movement of one specific example of this invention. FIG. 18 is a continuation diagram of FIG. 17. It is a continuation figure of FIG. FIG. 20 is a continuation diagram of FIG. 19. FIG. 16 is another block diagram illustrating a specific configuration of the eNodeB in FIG. 15. It is another figure showing the structure of one specific example of this invention. It is another figure showing the structure of one specific example of this invention. It is another figure showing the structure of one specific example of this invention. FIG. 25 is another block diagram showing a specific configuration of the VPN GW of FIG. 24. It is a sequence diagram which shows operation | movement of one specific example of this invention. FIG. 27 is a continuation diagram of FIG. 26. It is a continuation figure of FIG. It is a continuation figure of FIG. 2 is a block diagram illustrating a configuration of a communication system of Non-Patent Document 1. FIG. 10 is a sequence diagram showing an operation of the communication system of Non-Patent Document 1. FIG. It is a figure showing the structure of the flow entry of a nonpatent literature 2.

  First, the outline of the present invention will be described. In the present invention, as shown in FIGS. 1, 2, and 5, the logical channel control device constructs a logical channel with an external node and generates a virtual port in association with the constructed logical channel. Or a logical channel management unit to be deleted, and a virtual flow switch unit that processes a received packet based on a processing rule set by the control device and notifies the control device of creation or deletion of the virtual port, And the control device determines whether the external node (the communication terminal of FIG. 1, the VPN client of FIG. 24, etc.) and the external node are based on the network attribute information (for example, PDN identification information) associated with the notified port. This can be realized by identifying the server to be accessed and calculating the packet transfer route.

  The control device sets a processing rule for realizing the transfer path in each transfer node on the calculated packet transfer path. As described above, it is possible to appropriately transfer duplicate packets in the private IP address space.

[First Embodiment]
Next, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram for explaining the configuration of a communication system according to the first embodiment of the present invention. Referring to FIG. 1, a control device 20, transfer nodes 30 to 32, and a logical channel control device 40 are shown. In the example of FIG. 1, one logical channel control device 40 and three forwarding nodes 30 to 32 are arranged, and two communication terminals 51 and 52 and two servers 61 and 62 on PDNs 11 and 12 are connected. However, each number is merely an example, and can be any number.

  FIG. 2 is a diagram showing a detailed configuration of the control device 20 of FIG. Referring to FIG. 2, the control device (controller) 20 includes a flow entry database (flow entry DB) 21 for storing processing rules (flow entries), a communication terminal location management unit 22, a topology management unit 23, a route / An action calculation unit 24, a flow entry management unit 25, a control message processing unit 26, a node communication unit 27 that communicates with the forwarding nodes 30 to 32 and the logical channel control device 40, and a port attribute management unit 28 are provided. Configured. Each of these operates as follows.

  The communication terminal location management unit 22 connects to which network the communication terminals 51 and 52 and PDNs 11 and 12 connected to the communication system 1 belong, and to which port of the logical channel control device and the forwarding node. To manage. This location management is performed based on, for example, a port generation notification or virtual port deletion notification, a new flow detection notification, a flow deletion notification, etc., which will be described later, from the logical channel control device 40.

  FIG. 3 is a diagram illustrating an example of a table held in the communication terminal location management unit 22. The table in FIG. 3 includes terminal identification information, location information, network attributes, and flow information. The terminal identification information is an identifier for specifying the communication terminal. In the example of FIG. 3, the IP address of the communication terminal is used. When information other than the IP address such as the MAC address is used as the terminal information, an information element indicating the IP address of the communication terminal may be separately added to this table. The position information is information indicating the connection point to the communication system as the position of the communication terminal, and is composed of a switch number and a port number. The network attribute is attribute information of the network to which the corresponding port belongs. Flow information is information on a flow that passes through this port. In the example of FIG. 3, entries relating to the communication terminal 51, the communication terminal 52, the PDN 11, and the PDN 12 are described. The reason why there are two location information entries for each of the communication terminals 51 and 52 is that different logical channels are constructed for uplink and downlink for communicating with terminals belonging to the PDN.

  The topology management unit 23 constructs network topology information based on the connection relationship between the forwarding nodes 30 to 32 and the logical channel control device 40 collected via the node communication unit 27.

  The route / action calculation unit 24 is managed by the communication terminal location information managed by the communication terminal location management unit 22, the network topology information constructed by the topology management unit 23, and the port attribute management unit 28. Based on the network attribute information, a packet transfer route and an action to be executed by the transfer nodes 30 to 32 on the transfer route are obtained.

  The flow entry management unit 25 registers the result calculated by the route / action calculation unit 24 in the flow entry DB 21 as a processing rule (flow entry), and the processing rule (from the logical channel control device 40 or the forwarding nodes 30 to 32 ( A processing rule (flow entry) is set in response to a request to add or update a flow entry.

  The control message processing unit 26 analyzes the control message received from the logical channel control device 40 or the forwarding nodes 30 to 32 and delivers the control message information to the corresponding processing means in the control device 20.

  The port attribute management unit 28 manages to which network each port of the logical channel control device and the forwarding node in the communication system 1 belongs.

  FIG. 4 is a diagram illustrating an example of a table held in the port attribute management unit 28. The table shown in FIG. 4 includes a switch number, a port number, and network attributes. Here, “Global” in the network attribute indicates a global network that does not use a private address space.

  In the above-described configuration, the flow entry DB 21 can be omitted when the control device 20 does not need to hold a processing rule (flow entry). A configuration in which the flow entry DB 21 is separately provided in an external server or the like can also be employed.

  The control device 20 as described above is based on the OpenFlow controller of Non-Patent Document 2, and includes the communication terminal location management unit 22 and the port attribute management unit 28, and the route taking the terminal location and network attribute information into consideration It is also possible to realize with a configuration that performs calculation of the above and creation of a processing rule (flow entry).

  When the forwarding nodes 30 to 32 receive the packet, the forwarding nodes 30 to 32 search for a processing rule (flow entry) having a matching key that matches the received packet from the flow table storing the processing rule (flow entry), and the processing rule (flow entry). ) Is executed according to the action linked to (for example, forwarding to a specific port, flooding, discarding, etc.).

  Each time the forwarding nodes 30 to 32 process a packet, the forwarding nodes 30 to 32 reset the timer (timeout information) in the action field of the corresponding processing rule (flow entry). When the timer reaches 0, the forwarding nodes 30 to 32 delete the corresponding processing rule (flow entry) from the flow table. This prevents a situation in which a processing rule (flow entry) that is no longer used remains indefinitely and an unintended action is executed.

  Note that the forwarding nodes 30 to 32 described above can also be realized by a configuration equivalent to the OpenFlow switch of Non-Patent Document 2.

  The logical channel control device 40 manages logical channels for communication terminals to connect to the communication system 1, and provides connectivity to the communication system 1.

  FIG. 5 is a block diagram showing the detailed configuration of the logical channel control device 40. Referring to FIG. 5, the logical channel control device 40 includes a logical channel management unit 41 and a virtual flow switch unit 42. The data transfer network shown in the upper part of FIG. 5 is a network composed of the above-described control device and one or more transfer nodes, and is formed by the control device 20 and transfer nodes 30 to 32 of FIG. Corresponds to the network to be used.

  The logical channel management unit 41 is a virtual flow switch for logical channel management functions such as creation and release of logical channels for communication terminals to transmit and receive data packets via the communication system 1 and events such as creation and release of logical channels. A logical channel event notification function for notifying the unit 42, and a packet transfer function between the logical channel and the virtual flow switch unit 42. In this embodiment, the logical channel management unit 41 is also provided with an IP address management function for paying out IP addresses to the communication terminals 51 and 52, but separately from the logical channel management unit 41, An IP address management unit that plays the same role as the IP address management function may be provided.

  FIG. 6 is a diagram illustrating an example of a table held in the logical channel management unit 41. The table in FIG. 6 includes logical channel numbers, network attributes, flow information, and internal IF numbers. The logical channel number is an identifier for specifying a logical channel to be established with the communication terminal. The network attribute is attribute information of the network to which the corresponding logical channel belongs. The flow information is information on a flow that passes through this logical channel. The internal IF number is an identifier for specifying an internal IF (interface) with the virtual flow switch unit 42 corresponding to this logical channel.

  The virtual flow switch unit 42 is obtained by adding a virtual port management function and a port event notification function in addition to the functions of the forwarding nodes 30 to 32 described above. The virtual port management function corresponds to an event such as generation / release of a logical channel notified from the logical channel management unit 41, and a virtual port 43 (corresponding to the port numbers in FIGS. 3 and 4) corresponding to each logical channel. This is a function for creating / deleting and managing virtual ports.

  The port event notification function is a function for notifying the control device 20 of an event such as generation / deletion of the virtual port 43.

  Note that each unit (processing means) of the logical channel control device 40 shown in FIG. 5 is realized by a computer program that causes a computer constituting the logical channel control device 40 to execute the above-described processes using its hardware. You can also.

  Next, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 7 is a sequence diagram showing the operation of the first exemplary embodiment of the present invention. FIG. 7 shows a series of procedures until the communication terminal 51 is connected to the communication system 1, that is, until a logical channel for accessing the logical channel control device 40 and the PDN 11 is generated.

  Referring to FIG. 7, first, the communication terminal 51 generates a logical channel for accessing the PDN 11 with the logical channel control function 40 (step S002). When generating a logical channel, the communication terminal 51 notifies PDN identification information indicating the PDN 11 as network attribute information together with flow information passing through the logical channel. Thereby, the communication terminal 51 explicitly notifies the logical channel control device 40 that the logical channel is a logical channel for accessing the PDN 11. The flow information and PDN identification information belonging to the logical channel has been described as being notified from the communication terminal 51 to the logical channel control device 40, but downloaded from a separately provided subscriber information database (not shown in FIG. 1). It is also good.

  In addition, the logical channel control device 40 pays out an IP address used when accessing the PDN 11 to the communication terminal 51 when the logical channel is generated. The IP address to be paid out to the communication terminal 51 may be downloaded from the subscriber information database, similarly to the flow information and PDN identification information described above.

  When a logical channel with the communication terminal 51 is generated, the logical channel control device 40 generates a virtual port 43 corresponding to this logical channel (step S003). Specifically, the logical channel management unit 41 of the logical channel control device 40 notifies the virtual flow switch unit 42 of logical channel generation. At that time, the logical channel management unit 41 also notifies the IP address, flow information, and PDN identification information of the communication terminal 51 associated with the logical channel. Here, the IP address of the communication terminal 51 may be notified in the form of part of the flow information. Also, QoS information associated with this logical channel may be notified together. When receiving the logical channel generation notification, the virtual flow switch unit 42 generates a virtual port 43 associated with the logical channel. The virtual port 43 is connected to the logical channel management unit 41 via the internal interface of the logical channel control device 40. Therefore, the logical channel management unit 41 can also recognize the correspondence between the logical channel and the virtual port 43. As a result, the logical channel management unit 41 can transfer the data packet input from the virtual port 43 to the corresponding logical channel.

  When the virtual port 43 is generated, the virtual flow switch unit 42 in the logical channel control device 40 transmits a port generation notification indicating the generation of the virtual port 43 to the control device 20 (step S004). This port generation notification includes a forwarding node identifier for identifying the virtual flow switch unit 42, a port identifier assigned to the virtual port 43, an IP address associated with the virtual port, flow information, and PDN identification information. The IP address may be notified in the form of part of the flow information. Also, QoS information associated with this logical channel may be notified together.

  When receiving the port generation notification, the control device 20 registers the correspondence relationship between the communication terminal 51 and the notified port and network attribute in the communication terminal location management unit 22. Further, the control device 20 registers the correspondence relationship between the notified port and the network attribute (PDN identification information) in the port attribute management unit 28.

  In FIG. 7, only one logical channel is constructed, but actually two logical channels in total, upstream and downstream, are constructed.

  FIG. 8 is a diagram for explaining a procedure until the communication terminal 51 starts communication with the server 61 in the PDN 11 after the creation of the virtual port. Referring to FIG. 8, first, when the communication terminal 51 transmits a data packet to the server 61 via a logical channel (step S005), the data packet reaches the logical channel control device 40 that terminates the logical channel. Here, it is assumed that the VLAN ID of the data packet is ID # 0.

  When receiving the data packet, the logical channel control device 40 passes the data packet from the logical channel management unit 41 to the virtual flow switch unit 42 via the internal interface corresponding to the logical channel.

  When receiving the data packet, the virtual flow switch unit 42 searches the flow table and searches for a processing rule having a matching key that matches the received packet. However, since this packet is the first packet after the communication terminal 51 connects to the logical channel control device 40, there is no corresponding processing rule. Accordingly, the virtual flow switch unit 42 buffers the received packet and then transmits a new flow detection notification (Packet-In) to the control device 20 (step S006). The new flow detection notification includes information necessary for identifying and creating a processing rule (for example, a MAC address, an IP address, a port number (including both a transmission source and a destination) and a VLAN ID), and a reception port identifier of the packet. (Port identifier of virtual port) is included. Note that. In the present embodiment, the virtual flow switch unit 42 is described as transmitting information necessary for identifying and creating a processing rule to the control device 20. However, the virtual flow switch unit 42 may transmit the received packet to the control device 20 as it is. good.

  When receiving the new flow detection notification, the control device 20 receives the reception port identifier (included in the new flow detection notification) based on the correspondence between the port managed by the port attribute management unit 28 and the network attribute (PDN identification information). It is determined from the port identifier of the virtual port that this flow belongs to the PDN 11. Then, the control device 20 uses the server 61 as a communication partner of the communication terminal 51 based on information necessary for identifying and creating a processing rule included in the new flow detection notification and information managed by the communication terminal location management unit 22. Identify that. Further, the control device 20 determines a matching key for a processing rule to be newly set, confirms the position of the server 61 as a destination, and calculates a packet transfer path from the communication terminal 51 to the server 61. Here, it is assumed that, as a result of the route calculation, a route for transferring packets in the order of the logical channel control device 40, the transfer node 30, and the transfer node 31 is calculated. As the matching key, in addition to the receiving port and VLAN ID of the packet, the source IP address is the IP address issued to the communication terminal 51, and the destination MAC address and the destination IP address are the addresses of the server 61. It is assumed that a matching key has been determined. Further, ID # 1 is embedded in the VLAN ID by the logical channel controller 40 which is the first forwarding node on the calculated route, and the original VLAN ID is assigned to the VLAN ID by the forwarding node 31 which is the last forwarding node on the calculated route. Assume that it is determined to perform an action of embedding ID # 0 as a value.

  Furthermore, the control device 20 calculates an action for realizing the transfer path, and processes rules having the matching key and the action for the logical channel control device 40, the transfer node 30, and the transfer node 31 on the transfer path, respectively. Is sent to request setting of processing rules (step S007).

  After setting the processing rules, the control device 20 registers each processing rule in the flow entry DB 21.

  When the setting of the processing rule is completed, the virtual flow switch unit 42 of the logical channel control device 40 changes the VLAN ID of the buffered packet according to the processing rule to ID # 1, and then transfers the packet (step S008). ). Since processing rules have already been set for the transfer nodes 30 and 31 on the transfer path of this packet, the packet is transferred from the transfer node 30 to the transfer node 31. When the forwarding node 31 receives the packet, the forwarding node 31 changes the VLAN ID of the packet to the original value ID # 0, and then forwards the packet to the server 61.

  FIG. 9 is a diagram for explaining a procedure until the server 61 that has received the data packet from the communication terminal 51 transmits the data packet to the communication terminal 51 as described above. Referring to FIG. 9, first, when the server 61 transmits a data packet to the communication terminal 51 (step S <b> 101), the data packet reaches the forwarding node 31. Here, it is assumed that the VLAN ID of the data packet is ID # 0.

  When receiving the data packet, the forwarding node 31 searches the flow table and searches for a processing rule having a matching key that matches the received packet. However, since this packet is the first packet transmitted from the server 61 to the communication terminal 51, there is no corresponding processing rule. Accordingly, the forwarding node 31 buffers the received packet and then transmits a new flow detection notification (Packet-In) to the control device 20 (step S102).

  When receiving the new flow detection notification, the control device 20 receives the reception port identifier (included in the new flow detection notification) based on the correspondence between the port managed by the port attribute management unit 28 and the network attribute (PDN identification information). It is determined from the port identifier of the virtual port that this flow belongs to the PDN 11. Then, the control device 20 determines that the destination of this packet is the communication terminal 51 based on the information necessary for identifying and creating the processing rule included in the new flow detection notification and the information managed by the communication terminal location management unit 22. Is identified. Furthermore, the control device 20 determines a matching key for a processing rule to be newly set, and calculates a packet transfer path from the server 61 to the communication terminal 51. At that time, based on the information managed by the communication terminal location management unit 22, the control device 20 transfers this flow so that the communication terminal 51 outputs to the virtual port corresponding to the logical channel constructed for accessing the PDN 11. Calculate the route.

  Here, it is assumed that, as a result of the route calculation, a route for transferring packets in the order of the forwarding node 31, the forwarding node 30, and the logical channel control device 40 is calculated. Further, as the matching key, in addition to the reception port and VLAN ID of the packet, the source MAC address and the source IP address are the addresses of the server 61, and the destination IP address is the IP address issued to the communication terminal 51. Assume that the matching key to be determined has been determined. In this case as well, ID # 1 is embedded in the VLAN ID at the forwarding node 31 that is the first forwarding node on the calculated route, and the VLAN ID is assigned at the logical channel controller 40 that is the last forwarding node on the computed route. It is assumed that the action of embedding ID # 0 which is the original value is decided to be performed.

  Further, the control device 20 calculates an action for realizing the transfer route, and processes rules having the matching key and the action for the transfer node 31, the transfer node 30, and the logical channel control device 40 on the transfer route, respectively. Is sent to request setting of processing rules (step S103).

  After setting the processing rules, the control device 20 registers each processing rule in the flow entry DB 21.

  When the setting of the processing rule is completed, the forwarding node 31 changes the VLAN ID of the buffered packet according to the processing rule to ID # 1, and forwards it (step S104). Since processing rules have already been set in the transfer node 31 and the logical channel control device 40 on the transfer path of this packet, the packet is transferred from the transfer node 31 to the transfer node 30 and from the transfer node 31 to the logical channel control device. 40. When receiving the packet, the logical channel control device 40 changes the VLAN ID of the packet to the original value ID # 0, and then causes the packet to reach the communication terminal 51 through the logical channel.

  When another communication terminal 52 establishes a logical channel with the logical channel control device 40 in the above state, as shown in FIG. 7, the logical channel control device 40 generates a virtual port corresponding to this, and the control device 20 is notified. As described above, the control device 20 includes, in the new flow notification for the data packet from the communication terminal 52, information necessary for identifying and creating the processing rule and the reception port identifier of the packet (port identifier of the virtual port). Therefore, the control device can identify both and generate a new processing rule (flow entry). Furthermore, an identifier is embedded in a data packet in order to uniquely identify a flow in a communication system in which a plurality of different private IP address spaces are mixed (in this embodiment, VLAN ID). Is included in the matching key, both can be identified and a new processing rule (flow entry) can be generated.

  FIG. 10 is a diagram for explaining the procedure until the communication terminal 51 leaves the communication system 1, that is, disconnects the logical channel established with the logical channel control device 40 to access the PDN 11. .

  Referring to FIG. 10, first, the communication terminal 51 releases a logical channel for accessing the PDN 11 (step S105; logical channel disconnection). When the logical channel with the communication terminal 51 is released, the logical channel control device 40 deletes the virtual port corresponding to this logical channel (step S106). Specifically, the virtual flow switch unit 42 in the logical channel control device 40 performs a process of deleting a virtual port associated with the logical channel based on a notification (logical channel release) from the logical channel management unit 41. .

  When the virtual port 43 is deleted, the virtual flow switch unit 42 in the logical channel control device 40 transmits a port deletion notification to the control device 20 (step S107). This port deletion notification includes a forwarding node identifier for identifying the virtual flow switch unit 42 and a port identifier assigned to the virtual port 43.

  When the port deletion notification is received, the control device 20 deletes the correspondence relationship between the communication terminal 51 and the notified virtual port registered in the communication terminal location management unit 22. In addition, the control device 20 deletes the correspondence relationship between the notified port and the network attribute registered in the port attribute management unit 28.

  As described above, in the present embodiment, since the virtual port having the network attribute is generated / deleted according to the generation / deletion of the logical channel, duplicate packets (for example, the destination IP address of the private IP address space) , Packets having the same private IP address but having different connection port numbers or network attribute information in the virtual flow switch unit can be identified and transferred as different flows.

  In the above-described embodiment, the communication terminal 51 constructs only one logical channel for uplink and downlink, but may construct two or more logical channels for uplink and downlink at the same time.

  In the above-described embodiment, the control device 20 registers the correspondence between the communication terminal 51, the virtual port, and the network attribute in the communication terminal location management unit 22 when the port generation notification is received. These pieces of information may be registered in response to reception of a flow detection notification (Packet-In).

  In the above-described embodiment, the communication terminal has been described as establishing a logical channel with the logical channel control device 40. However, in order to access the PDN from another external node, for example, a network behind it, A device that establishes a logical channel with the channel control device may be used.

  In the above-described embodiment, the control device 20 sets the processing rule in response to the reception of the new flow detection notification from the forwarding node. However, the processing rule is predicted in advance by predicting the occurrence of the flow. Can also be set. Further, the control device 20 may be configured to calculate a packet transfer path considering QoS based on QoS information or the like included in the port generation notification. Further, the control device 20 may be configured to identify the position of the communication terminal and calculate the packet transfer path based on the flow information included in the port generation notification.

[Second Embodiment]
Next, a second embodiment of the present invention in which the configuration of the logical channel control apparatus of the first embodiment is changed will be described in detail with reference to the drawings. Since the configuration of the present embodiment is basically the same as that of the first embodiment, the difference will be mainly described below.

  FIG. 11 is an example of a table held in the communication terminal location management unit 22 of the control device according to the second embodiment of this invention. As will be described later, in order to generate a virtual port for each PDN identification information, the terminal identification information entry is compared with the table (FIG. 3) held in the communication terminal location management unit 22 of the first embodiment. It is running low.

  FIG. 12 is an example of a table held in the port attribute management unit 28 of the control device according to the second embodiment of this invention. Compared with the table (FIG. 4) held in the port attribute management unit 28 of the first embodiment, the number of port attribute entries of the logical channel control device 40 is reduced.

  FIG. 13 is a diagram for explaining the configuration of the logical channel control apparatus according to the second embodiment of the present invention. The difference from the logical channel control apparatus of the first embodiment of the present invention is the generation granularity of the virtual port of the logical channel control apparatus. In the first embodiment, the virtual flow switch unit 42 generates a virtual port in units of logical channels constructed between the communication terminal 51 (52) and the logical channel control device 40. However, in this embodiment, a common parameter is set. The virtual port is generated in units of a plurality of logical channels. Here, description will be made assuming that PDN identification information is used as a common parameter.

  Referring to FIG. 13, a logical channel control device 40a including a logical channel management unit 41a and a virtual flow switch unit 42 is shown.

  The logical channel management unit 41a performs logical channel management functions such as generation and release of logical channels for communication terminals to transmit and receive data packets via the communication system 1, and events such as generation and release of logical channels for each PDN. A logical channel event notification function for notifying the virtual flow switch unit 42, a packet transfer function between the logical channel and the virtual flow switch unit 42, and an IP address management function for issuing an IP address to the communication terminals 51 and 52 are provided. ing. In the present embodiment, the logical channel management unit 41a is also provided with an IP address management function for issuing IP addresses to the communication terminals 51 and 52, but separately from the logical channel management unit 41a, An IP address management unit that plays the same role as the IP address management function may be provided.

  FIG. 14 is a diagram illustrating an example of a table held in the logical channel management unit 41a. Although it is almost the same as the table (FIG. 6) held in the logical channel management unit 41 of the first embodiment, the internal IF number is reduced because a virtual port is generated for each PDN identification information.

  The virtual flow switch unit 42 is obtained by adding a virtual port management function and a port event notification function in addition to the functions of the forwarding nodes 30 to 32 described above. The virtual port management function manages the virtual port by generating / deleting the virtual port 43 corresponding to each PDN in response to an event such as generation / release of the logical channel for each PDN notified from the logical channel management unit 41a. It is a function to do.

  The port event notification function is a function for notifying the control device 20 of an event such as generation / deletion of the virtual port 43.

  Next, the operation of this embodiment will be described. Since the operation of the present embodiment is substantially the same as that of the first embodiment described above, a series of flows will be described below by replacing the logical channel control device 40 of FIGS. 7 to 10 with the logical channel control device 40a.

  The flow until the communication terminal 51 in FIG. 7 generates a logical channel with the logical channel control device 40a is the same as that in the first embodiment described above (step S002 in FIG. 7).

  When the logical channel with the communication terminal 51 is generated, the logical channel control device 40a generates a virtual port corresponding to the PDN (step S003 in FIG. 7). Specifically, when a logical channel with the communication terminal 51 is generated, the logical channel management unit 41a of the logical channel control device 40a causes the virtual port corresponding to the PDN 11 to which this logical channel belongs to the virtual flow switch unit 42. Check if it exists. This is because when the logical channel management unit 41a requests the virtual flow switch unit 42 to generate a virtual port for the PDN 11, the PDN identification information is also notified, and a virtual port corresponding to the PDN 11 exists. Can be realized by not generating a new virtual port and performing the subsequent processing.

  When receiving a new virtual port generation request, the virtual flow switch unit 42 generates a virtual port associated with the PDN 11. The virtual port 43 is connected to the logical channel management unit 41a via the internal interface of the logical channel control device 40a. Therefore, the logical channel management unit 41a can also recognize the correspondence between the PDN and the virtual port 43. As a result, the logical channel management unit 41a can identify the PDN to which the data packet input from the virtual port 43 belongs.

  When the virtual port 43 is generated, the virtual flow switch unit 42 in the logical channel control device 40a transmits a port generation notification to the control device 20 (step S004 in FIG. 7). This port generation notification includes a forwarding node identifier for identifying the virtual flow switch unit 42, a port identifier assigned to the virtual port 43, and PDN identification information associated with the virtual port.

  When the port generation notification is received, the control device 20 registers the correspondence relationship between the notified port and the network attribute in the port attribute management unit 28 (see FIG. 12).

  Thereafter, as shown in FIG. 8, when a data packet addressed to the server 61 is received from the communication terminal 51, the logical channel control device 40a receives from the logical channel management unit 41a via the internal interface corresponding to the PDN 11 to which the logical channel belongs. The received data packet is passed to the virtual flow switch unit 42.

  The subsequent data packet transmission / reception processing is illustrated in FIGS. 9 to 10 in which the control device 20 causes the communication terminal location management unit 22 to communicate with the communication terminal 51, the virtual port, Since only the process of registering the correspondence relationship with the network attribute is added and is the same as that of the first embodiment, the detailed description is omitted.

  Then, as shown in FIG. 10, when the communication terminal 51 disconnects the logical channel for accessing the PDN 11 (step S105 in FIG. 10), the logical channel control device 40a deletes the virtual port corresponding to this logical channel ( Step S106 in FIG. Specifically, the logical channel management unit 41a in the logical channel control device 40a checks whether there is a logical channel belonging to the PDN 11 other than the disconnected logical channel. Here, since there is no other logical channel belonging to the PDN 11, the logical channel management unit 41a requests the virtual flow switch unit 42 to release the virtual port. When receiving the virtual port release request, the virtual flow switch unit 42 deletes the corresponding virtual port.

  When the virtual port is deleted, the virtual flow switch unit 42 in the logical channel control device 40a transmits a port deletion notification to the control device 20 (step S107 in FIG. 10). This port deletion notification includes a forwarding node identifier for identifying the virtual flow switch unit 42 and a port identifier assigned to the virtual port 43.

  When receiving the port deletion notification, the control device 20 deletes the correspondence between the notified port and the network attribute registered in the port attribute management unit 28 (see FIG. 12).

  As described above, the present invention can also be realized by a configuration in which a plurality of logical channels are collectively generated and deleted in PDN units. In the above-described embodiment, only PDN identification information is used as a common parameter for bundling a plurality of logical channels. However, a single communication terminal is connected to the same PDN, but a plurality of logical channels having different QoS information are bundled. Is also possible.

  In addition, in the present embodiment, the timing of logical channel construction / release, the number of logical channels constructed by the communication terminal 51, the processing rule setting trigger by the control device 20, and the like can be changed as appropriate.

[Specific Example 1]
Subsequently, the above-described first embodiment will be described more specifically with a specific example. FIG. 15 is a diagram showing the configuration of a specific example of the present invention. Referring to FIG. 15, a control device 120, flow switches (open flow switches) 130 to 132, eNodeB 140, and MME 241 are illustrated.

  The control device 120 sets a processing rule in the flow switches 130 to 132 and the eNodeB 140, thereby performing path control for a terminal connected to the communication system 3 to perform communication. More specifically, a network topology management function, a communication terminal location management function, a processing rule generation function, a route calculation function, a processing rule management function, a flow switch management function, and a port attribute management function are provided. ing. Such a control device 120 can be configured based on the OpenFlow controller of Non-Patent Document 2, for example.

  The network topology management function is a function for storing the network topology formed by the flow switch group based on information collected from the flow switch, and corresponds to the topology management unit 23 in FIG.

  The communication terminal location management function manages to which network the communication terminal and PDN connected to the communication system 3 belong, and to which port of which flow switch (including the eNodeB 140). It corresponds to the communication terminal location information management unit 22 in FIG.

  The processing rule generation function is a function for creating a processing rule, which will be described later, and is a function for determining a matching key and action contents, and corresponds to the route / action calculation unit 24 and the flow entry management unit 25 in FIG.

  The route calculation function is a function for calculating a packet transfer route for each flow, and corresponds to the route calculation function of the route / action calculation unit 24 in FIG.

  The processing rule management function is a function for managing what processing rule is set in which flow switch, and the flow entry management unit 25 in FIG. 2 corresponds to this function.

  The flow switch management function is a function for controlling the flow switch, and the control message processing unit 26 in FIG. 2 corresponds to this.

  The port attribute management function is a function for managing to which network each port of the flow switch (including the eNodeB 140) in the communication system 3 belongs, and the port attribute management unit 28 in FIG. Equivalent to.

  The flow switches 130 to 132 correspond to the forwarding nodes 30 to 32 of the first embodiment described above, and are devices that perform packet forwarding based on the processing rules set by the control device 120. Such flow switches 130 to 132 can be configured by, for example, the open flow switch of Non-Patent Document 2.

  The eNodeB 140 corresponds to the logical channel control device 40 of the first embodiment described above, manages a logical channel for a communication terminal to connect to the communication system 3, and provides a connectivity to the communication system 3, etc. It is realized by.

  FIG. 16 is a block diagram showing a specific configuration of the logical channel control device of FIG. As illustrated in FIG. 16, the eNodeB 140 includes a logical channel management unit 141 and a virtual flow switch unit 142.

  The logical channel management unit 141 includes a link control function such as establishment and disconnection of a link with a communication terminal, a bearer management function such as generation and release of a bearer for the communication terminal to transmit and receive data packets via the communication system 3, Bearer event notification function for notifying the virtual flow switch unit 142 of events such as bearer generation and release, a packet transfer function between the bearer and the virtual flow switch unit 142, and IP address management for issuing an IP address to a communication terminal Function. In this specific example, the logical channel management unit 141 is also provided with an IP address management function for issuing an IP address to the communication terminal. However, the logical channel management unit 141 has an IP address management function separately from the logical channel management unit 141. It is also possible to adopt a configuration in which an IP address management unit that plays the same role as is provided.

  The virtual flow switch unit 142 includes a virtual port management function and a port event notification function in addition to the functions corresponding to the flow switches 130 to 132 described above. The virtual port management function is a function for managing a virtual port by generating / deleting a virtual port corresponding to each bearer in response to an event such as bearer generation / release notified from the logical channel management unit 141. . The port event notification function is a function that notifies the control device 120 that notifies an event such as generation / deletion of a virtual port.

  Next, the overall operation will be described in detail with reference to the sequence diagrams of FIGS.

  First, a series of procedures until the communication terminal 151 connects to the communication system 3, that is, establishes a link with the eNodeB 140 and generates a bearer for accessing the PDN 11, will be described with reference to FIG.

  First, the communication terminal 151 links up with the eNodeB 140 (step S201). Subsequently, the communication terminal 151 generates a bearer for accessing the PDN 11 with the eNodeB 140 (step S202). When generating the bearer, the communication terminal 151 explicitly notifies the eNodeB 140 that the bearer is a bearer for accessing the PDN 11 by notifying the APN indicating the PDN 11 together with the flow information passing through the bearer. Also, at the time of bearer generation, the eNodeB 140 pays out an IP address used when accessing the PDN 11 to the communication terminal 151.

  In the example of FIG. 17, the flow information and APN belonging to the bearer are notified from the communication terminal 151 to the eNodeB 140, but may be downloaded from a home subscriber server (HSS; not shown). Similarly, the IP address paid out to the communication terminal 151 can be downloaded from the HSS.

  When the bearer with the communication terminal 151 is generated, the eNodeB 140 generates a virtual port corresponding to this bearer (step S203).

  Specifically, the logical channel management unit 141 which is an internal function of the eNodeB 140 notifies the virtual flow switch unit 142 of bearer generation. At that time, the logical channel management unit 41 also notifies the IP address, flow information, and APN of the communication terminal 151 associated with the bearer. When the virtual flow switch unit 142 recognizes the generation of a new bearer, the virtual flow switch unit 142 generates a virtual port associated with the bearer. This virtual port is connected to the logical channel management unit 141 through the internal interface of the eNodeB 140. Therefore, the logical channel management unit 141 can also recognize the correspondence between the bearer and the virtual port. As a result, the logical channel management unit 141 can transfer the data packet input from the virtual port to the corresponding bearer.

  When the virtual port is generated, the virtual flow switch unit 142 in the eNodeB 140 transmits a port generation notification to the control device 120 (step S204). This port generation notification includes a flow switch identifier for identifying the virtual flow switch unit 142, a port identifier assigned to the virtual port, an IP address associated with the virtual port, flow information, and APN.

  When receiving the port generation notification, the control device 120 stores the correspondence relationship between the communication terminal 151, the notified port, and its network attribute. The control device 20 registers the correspondence between the notified port and the network attribute.

  Next, a procedure in which the communication terminal 151 starts communication with the server 161 in the PDN 11 will be described with reference to FIG.

  First, the communication terminal 151 transmits a data packet to the server 161 via the bearer (step S205). This data packet reaches the eNodeB 140 that terminates the bearer. Here, it is assumed that the VLAN ID of the data packet is ID # 0.

  When the eNodeB 140 receives the data packet, the eNodeB 140 passes the data packet from the logical channel management unit 141 to the virtual flow switch unit 142 via the internal interface corresponding to the bearer.

  When the virtual flow switch unit 142 receives the data packet, it searches the flow table and searches for a processing rule having a matching key that matches the received packet. However, since this packet is the first packet received, there is no corresponding processing rule.

  Therefore, the virtual flow switch unit 142 buffers the received packet, and then transmits a new flow detection notification to the control device 120 (step S206). This new flow detection notification includes information necessary for identifying a packet transfer rule (for example, MAC address, IP address, port number (including both the source and destination) and VLAN ID) and the received port identifier of the port that received the packet. It is included.

  When receiving the new flow detection notification, the control device 120 determines that this flow belongs to the PDN 11 from the reception port identifier included in the new flow detection notification. Then, the control device 120 confirms that the communication partner of the communication terminal 151 is the server 161 based on information necessary for identifying the packet transfer rule included in the new flow detection notification and information managed by the communication terminal location management function. Identify. Further, the control device 120 determines a matching key of a processing rule to be newly set and confirms the position of the server 161 as a destination, and calculates a packet transfer path from the communication terminal 151 to the server 161. Here, it is assumed that, as a result of route calculation, a packet transfer route for transferring packets in the order of the eNodeB 140, the flow switch 130, and the flow switch 131 is calculated.

  Further, as a matching key, in addition to the packet reception port and VLAN ID, the transmission source IP address is the IP address of the communication terminal 151, and the destination MAC address and the destination IP address are the addresses of the server 161. It is assumed that a matching key has been determined. Furthermore, it is assumed that the eNodeB 140 decides to embed ID # 1 in the VLAN ID and the flow switch 131 performs an action to embed ID # 0 which is the original value in the VLAN ID.

  The control device 120 creates a processing rule based on the matching key and the transfer route, and sets the processing rule in the flow switches 130 and 131 and the virtual flow switch unit 142 that are flow switches on the route (step S207).

  After setting the processing rules, the path control device 120 starts managing the processing rules set in the flow switches 130 and 131 and the virtual flow switch unit 142 by the processing rule management function.

  When the setting of the processing rule is completed, the virtual flow switch unit 142 changes the VLAN ID of the packet to ID # 1 in accordance with the processing rule, and then transfers the packet to the flow switch 130. Since a processing rule has already been set in step S207 for the flow switch on the packet transfer path, the packet is transferred in the order of the flow switches 130 and 131. When the flow switch 131 receives the packet, it changes the VLAN ID of the packet to the original value ID # 0 and then delivers the packet to the server 161.

  Next, a procedure in which the server 161 in the PDN 11 starts communication with the communication terminal 151 will be described with reference to FIG.

  First, the server 161 transmits a data packet to the communication terminal 151 (step S301). This data packet reaches the flow switch 131. Here, it is assumed that the VLAN ID of the data packet is ID # 0.

  When the flow switch 131 receives the data packet, it searches the flow table and searches for a processing rule having a matching key that matches the received packet. However, since this packet is the packet transmitted first by the server 161, a new flow detection notification is transmitted to the control device 120, similarly to the eNodeB 140 in FIG. 18 (step S302).

  When receiving the new flow detection notification, the control device 120 determines from the reception port identifier included in the new flow detection notification that the flow belongs to the PDN 11. Then, the control device 120 specifies that the destination of this packet is the communication terminal 151 based on the information necessary for identifying the packet transfer rule included in the new flow detection notification and the information managed by the communication terminal location management function. To do. Further, the control device 120 determines a matching key of a processing rule to be newly set and confirms the position of the communication terminal 151 as a destination, and calculates a packet transfer path from the server 161 to the communication terminal 151. At that time, the control device 120 transfers the transfer route so that the flow is output to the virtual port corresponding to the bearer constructed for the communication terminal 151 to access the PDN 11 based on the information managed by the communication terminal location management function. Calculate Here, it is assumed that, as a result of the route calculation, a transfer route for transferring packets in the order of the flow switch 131, the flow switch 130, and the eNodeB 140 is calculated.

  As a matching key, in addition to the packet reception port and VLAN ID, the source MAC address and source IP address are the addresses of the server 161, and the destination IP address is the IP address of the communication terminal 151. Assume that the matching key to be determined has been determined. In this case, it is also assumed that the flow switch 131 decides to perform the action of embedding ID # 1 in the VLAN ID and the eNodeB 140 embedding ID # 0 which is the original value in the VLAN ID.

  The control device 120 creates a processing rule based on the determined matching key and transfer path, and sets the processing rule in the flow switches 130 and 131 and the virtual flow switch unit 142 on the transfer path (step S303).

  After setting the processing rules, the control device 120 starts managing the processing rules set in the flow switches 130 and 131 and the virtual flow switch unit 142 by the processing rule management function.

  When the setting of the processing rule is completed, the flow switch 131 transfers the buffered packet to the flow switch 130 after changing the VLAN ID of the packet to ID # 1 in accordance with the processing rule (step S304). Since the processing rule has already been set for each node on the packet transfer path, the packet is transferred in the order of the flow switch 130 and the eNodeB 140. When receiving the packet, the eNodeB 140 changes the VLAN ID of the packet to the original value ID # 0, and then causes the packet to reach the communication terminal 151 through the bearer.

  Next, a series of procedures until the communication terminal 151 leaves the communication system 3, that is, disconnects the bearer for accessing the PDN 11, and further disconnects the link with the eNodeB 140 will be described using FIG.

  First, the communication terminal 151 releases a bearer for accessing the PDN 11 (step S305). When the bearer with the communication terminal 151 is released, the eNodeB 140 deletes the virtual port corresponding to this bearer (step S306). Specifically, the logical channel management unit 141 inside the eNodeB 140 notifies the virtual flow switch unit 142 of the bearer release. When the virtual flow switch unit 142 recognizes the bearer release, the virtual flow switch unit 142 deletes the virtual port associated with the bearer.

  When the virtual port is deleted, the virtual flow switch unit 142 of the eNodeB 140 transmits a port deletion notification to the control device 120 (step S307). The virtual port deletion notification includes a flow switch identifier for identifying the virtual flow switch unit 142 and a port identifier assigned to the virtual port.

  When receiving the port deletion notification, the control device 120 deletes the correspondence relationship between the communication terminal 151 and the notified virtual port registered in the communication terminal location management function. The control device 120 deletes the correspondence relationship between the notified port and the network attribute registered in the port attribute management function.

  After releasing the bearer, the communication terminal 151 disconnects the link with the eNodeB 140 (step S308).

  As described above, because it is configured to create and delete virtual ports with network attributes according to bearer creation and deletion, duplicate packets in the private IP address space can be identified and transferred as separate flows. Can do. Further, in order to embed an identifier in a data packet in order to uniquely identify a flow within a communication system in which a plurality of different private IP address spaces are mixed (in this specific example, a VLAN ID), in other flow switches on the route, By including the identifier in the matching key, both can be identified and a new processing rule (flow entry) can be generated.

  In the above description, the bearer is established / released in a series of flows when the communication terminal 151 is connected to or disconnected from the communication system 3. Alternatively, the communication terminal 151 may independently establish / release a bearer. The communication terminal 151 may be configured to simultaneously construct two or more bearers.

  As an access method, it is only necessary to construct a logical channel. In addition to LTE (Long Term Evolution), other access methods defined by 3GPP and 3GPP2 such as W-CDMA (Wideband Code Division Multiple Access) and CDMA2000, and WiMAX (IEEE802.16e) or the like can be used.

  In the specific example described above, the eNodeB terminates the bearer. However, the eNodeB does not necessarily terminate at the eNodeB. For example, in the case of a communication system in which a PDN-GW exists as shown in FIG. 30, a configuration in which the PDN-GW includes a virtual flow switch unit can also be employed.

  Further, the second embodiment can also be realized by the eNodeB 140a shown in FIG. 21. In this case as well, a plurality of bearers are collectively created and deleted for each PDN, and a processing rule is created and identified. can do. In this case, as a common parameter for grouping bearers, an APN notified from the communication terminal 151 or downloaded from the HSS can be used.

  In the specific example described above, the communication terminal 151 has been described as accessing the communication system 3 wirelessly. However, as described below, a point-to-point protocol (PPP) or a virtual private network (VPN) is used. The present invention can also be applied to the case of accessing by a wired system capable of constructing a logical channel.

  FIG. 22 is a diagram showing a configuration in which the present invention is applied to PPP. In this mode, a PPPoE (Point-to-Point Protocol over Ethernet) server constructs a logical channel when it is called a PPP session with a communication terminal, and includes a virtual flow switch unit.

  FIG. 23 is a diagram showing a configuration in which the present invention is applied to a VPN. In this embodiment, a virtual private network gateway (VPN GW) constructs a logical channel called a communication terminal and a VPN tunnel, and includes a virtual flow switch unit.

[Specific Example 2]
Subsequently, the first embodiment described above will be described with another specific example. FIG. 24 is a diagram showing the configuration of a specific example of the present invention. Referring to FIG. 24, a control device 120, flow switches (open flow switches) 130 to 132, and a VPN GW 145 are illustrated.

  The control device 120 performs a path control for a terminal connected to the communication system 3 to perform communication by setting processing rules in the flow switches 130 to 132 and the VPN GW 145. More specifically, a network topology management function, a communication terminal location management function, a processing rule generation function, a route calculation function, a processing rule management function, a flow switch management function, and a port attribute management function are provided. ing. Such a control device 120 can be configured based on the OpenFlow controller of Non-Patent Document 2, for example. Since the control device 120 is the same as the control device 120 described in the first specific example, the detailed description of each function is omitted.

  The flow switches 130 to 132 correspond to the forwarding nodes 30 to 32 of the first embodiment described above, and are devices that perform packet forwarding based on the processing rules set by the control device 120. Such flow switches 130 to 132 can be configured by, for example, the open flow switch of Non-Patent Document 2.

  The VPN GW 145 corresponds to the logical channel control device 40 of the first embodiment described above, manages a logical channel for a communication terminal belonging to the corporate network to connect to the data center network, and provides connectivity to the communication system 3. This is realized by a provided VPN device or the like.

  FIG. 25 is a block diagram showing a specific configuration of the VPN GW 145 of FIG. As shown in FIG. 25, the VPN GW 145 includes a logical channel management unit 141a and a virtual flow switch unit 142.

  The logical channel management unit 141a includes a VPN tunnel management function such as creation and release of a VPN tunnel established between the VPN client and the VPN GW 145 in order for a communication terminal in the corporate network to communicate with a server in the data center network 191. A VPN tunnel event notification function for notifying the virtual flow switch unit 142 of events such as creation and release of a VPN tunnel, and a packet transfer function between the VPN tunnel and the virtual flow switch unit 142 are provided.

  The virtual flow switch unit 142 includes a virtual port management function and a port event notification function in addition to the functions corresponding to the flow switches 130 to 132 described above. The virtual port management function is a function for managing a virtual port by generating / deleting a virtual port corresponding to each VPN tunnel in response to an event such as creation / release of a VPN tunnel notified from the logical channel management unit 141. It is. The port event notification function is a function that notifies the control device 120 that notifies an event such as generation / deletion of a port corresponding to a virtual port.

  In this specific example, it is assumed that the communication terminal 151 and the VPN client 171 existing in the corporate network 181 and the server 161 existing in the data center network 191 are devices belonging to the corporate network 181. Similarly, it is assumed that the communication terminal 152 and the VPN client 172 existing in the corporate network 182 and the server 162 existing in the data center network 191 are devices belonging to the corporate network 182.

  In this specific example, only one communication terminal and one VPN client are described in each of the corporate networks 181 and 182, but a plurality of communication terminals and VPN clients may exist. In this specific example, the VPN client receives connectivity from the VPN GW 145 as an external node.

  Next, the overall operation will be described in detail with reference to the sequence diagrams of FIGS.

  First, a series of procedures until the VPN client 171 connects to the data center network 191, that is, creates a VPN tunnel with the VPN GW 145 will be described with reference to FIG. 26.

  First, the VPN client 171 generates a VPN tunnel for accessing the data center network 191 with the VPN GW 145 (step S402). When generating the VPN tunnel, the VPN client 171 notifies the network attribute information indicating the corporate network 181 together with the flow information passing through the VPN tunnel, so that the server in the data center network 191 to which the VPN tunnel belongs to the corporate network 181. The VPN GW 145 is explicitly notified that it is a VPN tunnel for accessing.

  In the example of FIG. 26, the flow information and network identification information belonging to the VPN tunnel is notified from the VPN client 171 to the VPN GW 145, but is downloaded from an authentication server (not shown) that cooperates when establishing the VPN tunnel. It can also be configured.

  When a VPN tunnel with the VPN client 171 is generated, the VPN GW 145 generates a virtual port corresponding to the VPN tunnel (step S403).

  Specifically, the logical channel management unit 141a, which is an internal function of the VPN GW 145, notifies the virtual flow switch unit 142 of VPN tunnel generation. At that time, the logical channel management unit 41 also notifies the network attribute information to which the VPN client 171 associated with the VPN tunnel belongs. When the virtual flow switch unit 142 recognizes the creation of a new VPN tunnel, the virtual flow switch unit 142 creates a virtual port associated with the VPN tunnel. This virtual port is connected to the logical channel management unit 141a by the internal interface of the VPN GW 145. Therefore, the logical channel manager 141a can also recognize the correspondence between the VPN tunnel and the virtual port. As a result, the logical channel manager 141a can transfer the data packet input from the virtual port to the corresponding VPN tunnel.

  When the virtual port is generated, the virtual flow switch unit 142 in the VPN GW 145 transmits a port generation notification to the control device 120 (step S404). This port generation notification includes a flow switch identifier for identifying the virtual flow switch unit 142, a port identifier assigned to the virtual port, and network identification information associated with the virtual port.

  When receiving the port generation notification, the control device 120 registers the correspondence between the notified virtual port and its network attribute.

  Next, the procedure by which the communication terminal 151 starts communication with the server 161 in the data center network 191 will be described with reference to FIG.

  First, the communication terminal 151 transmits a data packet to the server 161 via the VPN tunnel (step S405). This data packet reaches the VPN GW 145 that terminates the VPN tunnel. Here, it is assumed that the VLAN ID of the data packet is ID # 0.

  Upon receiving the data packet, the VPN GW 145 passes the data packet from the logical channel management unit 141a to the virtual flow switch unit 142 via the internal interface corresponding to the VPN tunnel.

  When the virtual flow switch unit 142 receives the data packet, it searches the flow table and searches for a processing rule having a matching key that matches the received packet. However, since this packet is the first packet received, there is no corresponding processing rule.

  Therefore, the virtual flow switch unit 142 buffers the received packet and then transmits a new flow detection notification to the control device 120 (step S406). This new flow detection notification includes information necessary for identifying a packet transfer rule (for example, MAC address, IP address, port number (including both the source and destination) and VLAN ID) and the received port identifier of the port that received the packet. It is included.

  When receiving the new flow detection notification, the control device 120 registers that the communication terminal 151 exists in the reception port included in the new flow detection notification in the database in the communication terminal location management function. Subsequently, the control device 120 determines that the flow belongs to the corporate network 181 from the reception port identifier included in the new flow detection notification. Then, the control device 120 confirms that the communication partner of the communication terminal 151 is the server 161 based on information necessary for identifying the packet transfer rule included in the new flow detection notification and information managed by the communication terminal location management function. Identify. Further, the control device 120 determines a matching key of a processing rule to be newly set and confirms the position of the server 161 as a destination, and calculates a packet transfer path from the communication terminal 151 to the server 161. Here, as a result of the route calculation, it is assumed that a packet transfer route for transferring packets in the order of the VPN GW 145, the flow switch 130, and the flow switch 131 is calculated.

  Further, as a matching key, in addition to the packet reception port and VLAN ID, the transmission source IP address is the IP address of the communication terminal 151, and the destination MAC address and the destination IP address are the addresses of the server 161. It is assumed that a matching key has been determined. Furthermore, it is assumed that the VPN GW 145 embeds ID # 1 in the VLAN ID and the flow switch 131 decides to perform the action of embedding the original value ID # 0 in the VLAN ID.

  The control device 120 creates a processing rule based on the matching key and the transfer route, and sets the processing rule in the flow switches 130 and 131 and the virtual flow switch unit 142 that are flow switches on the route (step S407).

  After setting the processing rules, the path control device 120 starts managing the processing rules set in the flow switches 130 and 131 and the virtual flow switch unit 142 by the processing rule management function.

  When the setting of the processing rule is completed, the virtual flow switch unit 142 changes the VLAN ID of the packet to ID # 1 according to the processing rule according to the processing rule, and then transfers the packet to the flow switch 130 (step S408). Since a processing rule has already been set in step S407 for the flow switch on the packet transfer path, this packet is transferred in the order of the flow switches 130 and 131. When the flow switch 131 receives the packet, it changes the VLAN ID of the packet to the original value ID # 0 and then delivers the packet to the server 161.

  Next, the procedure by which the server 161 in the data center network 191 starts communication with the communication terminal 151 will be described with reference to FIG.

  First, the server 161 transmits a data packet to the communication terminal 151 (step S501). This data packet reaches the flow switch 131. Here, it is assumed that the VLAN ID of the data packet is ID # 0.

  When the flow switch 131 receives the data packet, it searches the flow table and searches for a processing rule having a matching key that matches the received packet. However, since this packet is the packet transmitted first by the server 161, a new flow detection notification is transmitted to the control device 120 in the same manner as the VPN GW 145 in FIG. 27 (step S502).

  When receiving the new flow detection notification, the control device 120 determines from the reception port identifier included in the new flow detection notification that the flow belongs to the corporate network 181. Then, the control device 120 specifies that the destination of this packet is the communication terminal 151 based on the information necessary for identifying the packet transfer rule included in the new flow detection notification and the information managed by the communication terminal location management function. To do. Further, the control device 120 determines a matching key of a processing rule to be newly set and confirms the position of the communication terminal 151 as a destination, and calculates a packet transfer path from the server 161 to the communication terminal 151. At that time, the control device 120 transfers the flow so that the communication terminal 151 outputs to the virtual port corresponding to the VPN tunnel constructed for accessing the PDN 11 based on the information managed by the communication terminal location management function. Calculate the route. Here, it is assumed that, as a result of route calculation, a transfer route for transferring packets in the order of the flow switch 131, the flow switch 130, and the VPN GW 145 is calculated.

  As a matching key, in addition to the packet reception port and VLAN ID, the source MAC address and source IP address are the addresses of the server 161, and the destination IP address is the IP address of the communication terminal 151. Assume that the matching key to be determined has been determined. In this case, it is also assumed that the VPN GW 145 embeds ID # 1 in the VLAN ID and the flow switch 131 decides to perform the action of embedding the original value ID # 0 in the VLAN ID.

  The control device 120 creates a processing rule based on the determined matching key and transfer path, and sets the processing rule in the flow switches 130 and 131 and the virtual flow switch unit 142 on the transfer path (step S503).

  After setting the processing rules, the control device 120 starts managing the processing rules set in the flow switches 130 and 131 and the virtual flow switch unit 142 by the processing rule management function.

  When the setting of the processing rule is completed, the flow switch 131 changes the packet VLAN ID to ID # 1 according to the processing rule according to the processing rule, and then transfers the packet to the flow switch 130 (step S504). Since processing rules have already been set for each node on the packet transfer path, this packet is transferred in the order of the flow switch 130 and the VPN GW 145. When the VPN GW 145 receives the packet, it changes the VLAN ID of the packet to the original value ID # 0, and then delivers the packet to the communication terminal 151 through the VPN tunnel.

  Next, a series of procedures until the VPN client 171 leaves the communication system 3, that is, a VPN tunnel for accessing the data center network 191 is disconnected will be described with reference to FIG.

  First, the VPN client 171 releases a VPN tunnel for accessing the data center network 191 (step S505). When the VPN tunnel with the VPN client 171 is released, the VPN GW 145 deletes the virtual port corresponding to this VPN tunnel (step S506). Specifically, the logical channel management unit 141a inside the VPN GW 145 notifies the virtual flow switch unit 142 of the release of the VPN tunnel. When recognizing the release of the VPN tunnel, the virtual flow switch unit 142 deletes the virtual port associated with this VPN tunnel.

  When the virtual port is deleted, the virtual flow switch unit 142 of the VPN GW 145 transmits a port deletion notification to the control device 120 (step S507). This port deletion notification includes a flow switch identifier for identifying the virtual flow switch unit 142 and a port identifier assigned to the virtual port.

  When receiving the port deletion notification, the control device 120 deletes the correspondence between the notified port and the network attribute registered in the port attribute management function. In addition, if there is a communication terminal registered in the communication terminal location management function when connected to the notified port, the control device 120 is associated with the corresponding communication terminal and the notified virtual port. Is deleted.

  As described above, since the virtual port having the network attribute is generated / deleted according to the creation / deletion of the VPN tunnel, the duplicate packets in the private IP address space are identified and transferred as separate flows. be able to. Furthermore, in order to embed an identifier in a data packet to uniquely identify a flow in a data center network in which a plurality of different private IP address spaces are mixed (in this specific example, a VLAN ID), in other flow switches on the route, By including the identifier in the matching key, both can be identified and a new processing rule (flow entry) can be generated.

  In the above description, in order to simplify the description, the description is given on the assumption that the data center network 191 is closed in one space as shown in FIG. As long as one data center network is formed, the individual devices may be scattered in a plurality of geographically different spaces.

  As mentioned above, although embodiment of this invention and its specific example were demonstrated, this invention is not limited to above-described embodiment, In the range which does not deviate from the fundamental technical idea of this invention, further modification * Replacement and adjustment can be added.

Finally, a preferred form of the invention is summarized.
[First embodiment]
(Refer to the communication system according to the first viewpoint)
[Second form]
In the communication system of the first form,
The forwarding node that operates as the logical channel control device notifies the control device of network attribute information of the logical channel along with the notification of creation or deletion of the virtual port,
A communication system in which the control device calculates a packet transfer route based on the notified network attribute information.
[Third embodiment]
In the communication system of the second form,
The control device causes the first transfer node on the calculated packet transfer path to execute processing to embed an identifier based on the network attribute information in the packet, and causes the last transfer node on the packet transfer path to A communication system for executing processing for removing the identifier from the packet.
[Fourth form]
In the communication system according to any one of the first to third aspects,
A communication system in which a forwarding node operating as the logical channel control device manages a plurality of logical channels having common parameters in association with one virtual port.
[Fifth embodiment]
In the communication system of the fourth form,
A communication system using network attribute information of a logical channel as the common parameter.
[Sixth embodiment]
(Refer to the logical channel control device from the second viewpoint)
[Seventh form]
In the logical channel control device of the sixth aspect,
A logical channel control device that notifies the control device of network attribute information of the logical channel together with notification of creation or deletion of the virtual port.
[Eighth form]
In the logical channel control devices of the sixth and seventh aspects,
A logical channel control apparatus that manages a plurality of logical channels having common parameters in association with one virtual port.
[Ninth Embodiment]
In the logical channel control device of the seventh aspect,
A logical channel control device using network attribute information of a logical channel as the common parameter.
[Tenth embodiment]
(Refer to the control device from the third viewpoint)
[Eleventh form]
In the control device of the tenth aspect,
Causing the first forwarding node on the calculated packet forwarding path to execute processing for embedding an identifier based on the network attribute information in the packet, and causing the last forwarding node on the packet forwarding path to send the identifier from the packet A control device that executes a process for removing the object.
[Twelfth embodiment]
(Refer to the communication method from the fourth viewpoint above.)
[13th form]
(Refer to the program from the fifth viewpoint above)
The twelfth and thirteenth forms can be developed into second to fifth forms as in the first form.
Within the scope of the entire disclosure (including claims) of the present invention, the embodiment can be changed and adjusted based on the basic technical concept. Various combinations and selections of various disclosed elements are possible within the scope of the claims of the present invention. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the entire disclosure including the claims and the technical idea.

  The present invention can also be applied to a mobile backhaul system that constitutes a mobile access network that accommodates a large number of base stations.

1, 3 Communication system 11, 12, Packet Data Network (PDN)
20 control device 21 flow entry database (flow entry DB)
DESCRIPTION OF SYMBOLS 22 Communication terminal location management part 23 Topology management part 24 Path | route / action calculation part 25 Flow entry management part 26 Control message processing part 27 Node communication part 28 Port attribute management part 30-32 Forwarding node 40, 40a Logical channel control apparatus 41, 41a 141, 141a Logical channel management unit 42, 142 Virtual flow switch unit 43 Virtual port 51, 52, 151, 152 Communication terminal 61, 62, 161, 162 Server 130, 131, 132 Flow switch 144 Point to Point Protocol over Ethernet ( PPPoE) Server 145 Virtual Private Network Gateway (VPN GW)
171 and 172 Virtual Private Network (VPN) client 181 and 182 Enterprise network 191 Data center network X1 Communication system X20 and 120 Controller X40 and 140, 140a E-UTRAN Node-B (eNodeB)
X41,241 Mobility Management Entity (MME)
X42 Serving Gateway (Serving GW)
X43 Packet Data Network Gateway (PDN GW)
X51 communication terminal X61 server

Claims (9)

A control device that sets processing rules in the forwarding node;
A plurality of forwarding nodes including a packet processing unit that performs processing of received packets based on the set processing rule,
At least one forwarding node among the forwarding nodes operates as a logical channel control device that establishes a logical channel with an external node, and is a virtual port associated with the logical channel established with the external node Generating or deleting information, notifying the control device,
The controller calculates a packet forwarding path using the notified port information;
A communication system characterized by the above. The forwarding node that operates as the logical channel control device notifies the control device of network attribute information of the logical channel along with the notification of creation or deletion of the virtual port,
The communication system according to claim 1, wherein the control device calculates a packet transfer route based on the notified network attribute information.   The control device causes the first transfer node on the calculated packet transfer path to execute processing to embed an identifier based on the network attribute information in the packet, and causes the last transfer node on the packet transfer path to The communication system according to claim 2, wherein processing for removing the identifier from the packet is executed.   The communication system according to any one of claims 1 to 3, wherein the forwarding node operating as the logical channel control device manages a plurality of logical channels having common parameters in association with one virtual port.   5. The communication system according to claim 4, wherein network attribute information of a logical channel is used as the common parameter. A logical channel manager that creates a logical channel with an external node and generates or deletes a virtual port in association with the constructed logical channel;
A virtual flow switch unit that performs processing of a received packet based on a processing rule set by the control device and notifies the control device of creation or deletion of the virtual port;
A logical channel control device. A control device that calculates a packet transfer route based on network attribute information associated with port information and sets a processing rule for a transfer node on the packet transfer route ,
Causing the first forwarding node on the calculated packet forwarding path to execute processing for embedding an identifier based on the network attribute information in the packet, and causing the last forwarding node on the packet forwarding path to send the identifier from the packet A control device that executes a process for removing the object . At least one forwarding node of a plurality of forwarding nodes connected to a control device that sets a processing rule in the forwarding node and including a packet processing unit that processes a received packet based on the set processing rule is an external node Operating as a logical channel control device for constructing a logical channel between the logical node constructed with the external node, giving virtual port information to the logical channel and notifying the control device;
  The control device calculates a packet forwarding route using the notified port information, creates a processing rule for realizing the forwarding route, and sets the processing rule in the forwarding node.
  A communication method characterized by the above. A program to be executed by a computer constituting a forwarding node that processes received packets based on processing rules set by a control device,
  A process of creating a logical port with an external node and creating or deleting a virtual port in association with the constructed logical channel;
  Processing for notifying the routing device of creation or deletion of the port;
  A program for causing the computer to execute.

Images